Skip to content

azurermServicebusNamespaceNetworkRuleSet

Manages a ServiceBus Namespace Network Rule Set.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermServicebusNamespaceExample =
  new azurerm.servicebusNamespace.ServicebusNamespace(this, "example_2", {
    capacity: 1,
    location: azurermResourceGroupExample.location,
    name: "example-sb-namespace",
    resource_group_name: azurermResourceGroupExample.name,
    sku: "Premium",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermServicebusNamespaceExample.overrideLogicalId("example");
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_3",
  {
    address_space: ["172.17.0.0/16"],
    dns_servers: ["10.0.0.4", "10.0.0.5"],
    location: azurermResourceGroupExample.location,
    name: "example-vnet",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_4", {
  address_prefixes: ["172.17.0.0/24"],
  name: "default",
  resource_group_name: azurermResourceGroupExample.name,
  service_endpoints: ["Microsoft.ServiceBus"],
  virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
const azurermServicebusNamespaceNetworkRuleSetExample =
  new azurerm.servicebusNamespaceNetworkRuleSet.ServicebusNamespaceNetworkRuleSet(
    this,
    "example_5",
    {
      default_action: "Deny",
      ip_rules: ["1.1.1.1"],
      namespace_id: azurermServicebusNamespaceExample.id,
      network_rules: [
        {
          ignore_missing_vnet_service_endpoint: false,
          subnet_id: azurermSubnetExample.id,
        },
      ],
      public_network_access_enabled: true,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermServicebusNamespaceNetworkRuleSetExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • namespaceId - (Required) Specifies the ServiceBus Namespace ID to which to attach the ServiceBus Namespace Network Rule Set. Changing this forces a new resource to be created.

\~> NOTE: The ServiceBus Namespace must be premium in order to attach a ServiceBus Namespace Network Rule Set.

  • defaultAction - (Optional) Specifies the default action for the ServiceBus Namespace Network Rule Set. Possible values are allow and deny. Defaults to deny.

  • publicNetworkAccessEnabled - (Optional) Whether to allow traffic over public network. Possible values are true and false. Defaults to true.

  • trustedServicesAllowed - (Optional) If True, then Azure Services that are known and trusted for this resource type are allowed to bypass firewall configuration. See Trusted Microsoft Services

  • ipRules - (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the ServiceBus Namespace.

  • networkRules - (Optional) One or more networkRules blocks as defined below.

A networkRules block supports the following:

  • subnetId - (Required) The Subnet ID which should be able to access this ServiceBus Namespace.

  • ignoreMissingVnetServiceEndpoint - (Optional) Should the ServiceBus Namespace Network Rule Set ignore missing Virtual Network Service Endpoint option in the Subnet? Defaults to false.

Attributes Reference

The following attributes are exported:

  • id - The ID of the ServiceBus Namespace Network Rule Set.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the ServiceBus Namespace Network Rule Set.
  • update - (Defaults to 30 minutes) Used when updating the ServiceBus Namespace Network Rule Set.
  • read - (Defaults to 5 minutes) Used when retrieving the ServiceBus Namespace Network Rule Set.
  • delete - (Defaults to 30 minutes) Used when deleting the ServiceBus Namespace Network Rule Set.

Import

Service Bus Namespace can be imported using the resourceId, e.g.

terraform import azurerm_servicebus_namespace_network_rule_set.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.ServiceBus/namespaces/sbns1